While investigating deceptive webpages, our research team discovered the "Space backgrounds pictures" browser extension. It is promoted as a tool that displays space-themed browser wallpapers. However, our analysis revealed that Space backgrounds pictures is a browser hijacker. It makes alteratio
Our researchers discovered DeveloperEngine adware while investigating new submissions to the VirusTotal website. This application belongs to the AdLoad malware family, and it is designed to run intrusive ad campaigns. Advertising-supported software operates by displaying advertisements, and it o
HelloTeacher is the designated name for a recently discovered Android spyware variant targeting unsuspecting users in Vietnam. This malware possesses advanced functionalities, including the ability to extract contact details, SMS data, photos, the list of installed apps, and capture images and rec
While examining suspicious sites, our research team discovered the Lookup for Wikipedia browser extension. It is presented as an easy-access tool to Wikipedia, which is also capable of saving the search history of this online encyclopedia. However, after analyzing this extension, we determine tha
Our research team discovered the LauncherLocator application during a routine inspection of new submissions to VirusTotal. After examining this piece of software, we learned that it is adware. It is noteworthy that LauncherLocator is part of the AdLoad malware family. Adware stands for a
Our team inspected the Motivational Quotes app and found that its purpose is to hijack web browsers. It is common for browser hijackers to promote fake or unreliable search engines. Motivational Quotes promotes motivational-quotes.com - a fake search engine. It does so by changing the settings of
The Qxtfkslrf ransomware is our newest find from the VirusTotal website. This malicious program belongs to the Snatch ransomware family. Qxtfkslrf is designed to encrypt data and demand payment for its decryption. On our test machine, this ransomware encrypted files and appended their filenames w
After our investigation of vinetguide[.]com, we discovered that this website utilizes a deceptive tactic, a clickbait message, to manipulate visitors into subscribing to notifications. Furthermore, vinetguide[.]com has the potential to redirect users to other unreliable websites. Therefore, it is
GreetingGhoul is a piece of malicious software that targets cryptocurrency wallets. This stealer-type malware is focused exclusively on digital currencies. GreetingGhoul is currently active in Europe, South America, and the United States. There is tenuous evidence pointing to the cyber criminals b
During our investigation, it came to our attention that robots-verify-checkio[.]com is one of the many websites employing deceptive tactics to trick visitors into agreeing to receive notifications. Additionally, while browsing robots-verify-checkio[.]com, users are redirected to other untrustworth